The regulatory landscape is often a maze of complex rules and specific terms that can make compliance difficult. A recent addition to pharmaceutical regulations is GAMP 5, or Good Automated Manufacturing Practice 5.
GAMP 5 outlines comprehensive guidelines for complying with various industry regulations. Understanding these guidelines can be challenging through documentation alone. To address this, BGO Software has committed to deepening its understanding of GAMP 5 and sharing this knowledge with others.
One of the ways the task is accomplished is by speaking with Software Architect Harry Birimirski, who has years of experience in the field of pharmaceutical software development. He has also worked on several different projects together with BGO that have successfully passed regulatory inspections.
Understanding GAMP®5
The GAMP 5 software categories are a set of regulations and guidelines used directly by the pharmaceutical and life sciences industries to validate automated systems. The teams that develop and maintain these regulations are with the International Society for Pharmaceutical Engineering (ISPE).
GAMP 5 is responsible for the proper validation, compliance, and correct use of automated systems, which are applicable for any software product, in the pharmaceutical industry.
There is a specific approach that GAMP 5 takes when evaluating a system. The method is intended to categorize a system according to predetermined parameters of criticality which we will look at in more detail below. This categorization is meant to show what kinds of testing, validation, and documentation a certain system requires before labeling it as compliant.
Master GAMP®5 Compliance with Expert Guidance
Navigate the complexities of GAMP®5 and its impact on pharmaceutical software development with BGO Software.
Overview of GAMP 5 categories
GAMP 5 divides software into 5 different categories, each with its own unique qualifications. To get a full grasp of how GAMP 5 regulation works, we must explore its categories.
Category 1 – Software that could impact patient safety and product quality
This category includes software directly involved in patient treatment, diagnosis, or critical manufacturing process.
Category 1 software failures or malfunctions can significantly affect patient safety and product quality. As a result, thorough testing and detailed documentation are necessary to ensure reliability and compliance.
Category 2 – Software that could impact product quality
This type of configurable software may not directly affect patient safety but can influence product quality. Examples include software used in manufacturing, business processes, quality control, or product testing.
Rigorous testing and thorough documentation are still required to ensure consistent performance and compliance.
Category 3 – Software that supports but does not impact product quality
Category 3 software includes support functions that do not directly impact product quality. This often includes commercial off-the-shelf (COTS) software or a quality management system used for administrative tasks.
Testing and documentation requirements are less extensive than those for Categories 1 and 2.
Category 4 – Non-configured software for Category 1 or 2 systems
This category applies to software that, when used in Category 1 or 2 systems, could affect patient safety and compromise product quality. For these systems, comprehensive testing and detailed documentation are required to ensure safety and performance.
Category 5 – Non-configured software for Category 3 systems
Similar to Category 4, Category 5 involves non-configured software. However, it applies to systems in Category 3, where the impact on product quality is lower.
An important thing to mention here is that the different categories go through four distinct steps of testing software according to their level of criticalness:
- The first step is Unit/Integration testing which is evaluating whether the functional and design specifications are correct.
- The second step is Configuration testing which is intended to make sure the exact configurations for the software are in order.
- Functional testing is something all categories go through to see if the functions listed in the documentation are all working properly.
- The final step is Requirements testing which is a validation all software goes through to prove it meets all set guidelines and needs of the challenge it is meant to solve.
How GAMP®5 makes the guidelines last?
Even though the set of regulations that is GAMP 5 provides an effective way to manage developing software, it also makes sure that even after release everything is up to standards.
One of the ways the process accomplishes this is by defining the exact system user and supplier responsibilities. Users are responsible for specifying their requirements, while the supplier involvement makes sure that systems meet GAMP 5 business requirements.
Another approach GAMP 5 takes to make future-proof software is to demand proper documentation. Everything and anything about a project has to be documented, starting from the system functions to the hardware specifications and the technologies used for the entire system. This can help future developers follow the past thread and learn from it.
GAMP 5 certification emphasizes a holistic approach to system life cycle activities management, fostering compliance across its diverse software categories. This framework encompasses a broad spectrum, from foundational infrastructure software to highly specialized bespoke software.
This documentation can then be easily referenced in the future when needed. GAMP 5 provides guidelines for maintaining validated systems throughout their lifecycle and the procedures for retiring or replacing them.
A very important aspect to not leave out is that GAMP 5 meets all international regulatory standards, such as FDA regulations and the European Medicines Agency (EMA) guidelines.
Why is GAMP®5 better than other methodologies?
“After the COVID pandemic, regulators have become more understanding in the rules they impose but in no way less fair.”
Harry Birimirski, Senior Solution Architect at BGO Software
According to Harry, auditors of pharmaceutical software have been more lenient after the pandemic not by ignoring any rules, but by applying them in a more understanding way.
In such an industry regulations are what guard the people from potentially harmful products and the inspectors for such products are strict but with full right to be so. GAMP 5 validation is one of many sets of guidelines that companies can adopt to ensure compliance with regulation.
GAMP 5 is fundamentally a risk based approach for compliant GxP computerized systems and provides guidance rather than enforceable regulations. This approach helps ensure regulatory compliance and facilitates focused testing, allowing you to concentrate efforts on high-risk areas, thereby increasing testing efficiency.
The methodology also accounts for custom software testing procedures that are specifically made for the intended system that is being validated.
Furthermore, GAMP 5 offers specialized reference materials via the ISPE’s “Good Practice Guides,” which are invaluable for applying the risk based approach to various systems in your organization. These guides cover diverse GxP computerized systems that provide additional guidance on testing and validation strategies.
Those include:
- Process control systems;
- Electronic signatures;
- Electronic records, and others.
At its core, GAMP 5 recognizes the nuanced requirements of various software types, whether they involve an internal scripting language or rely on an external programming language. The methodology emphasizes aligning database procedures with user requirements. It ensures that quality and data integrity remain a priority throughout the software development and implementation processes.
Interestingly, GAMP 5 goes beyond focusing solely on the software. It also covers the tools and interfaces that interact with it, including vendor-supplied utilities and custom-built control panel viewers.
These components play a vital role in preserving system integrity. The guidelines also cover often-overlooked aspects of system configuration, such as user-defined text strings and default settings in laboratory instruments. They acknowledge the impact these factors can have on system performance and data reliability.
Perhaps one of GAMP 5’s most significant contributions to the validation world is its establishment of a common language. This shared lexicon facilitates more effective communication between stakeholders, from developers to end-users, and helps bridge the gap between the vendor’s marketing literature and actual system capabilities.
Key Guidelines for Compliance
GAMP 5 certification promotes a comprehensive approach to managing system lifecycle activities and ensures compliance across its various software categories. The framework covers a wide range, from basic infrastructure software to highly specialized custom software. GAMP provides clear guidelines that support compliance efforts.
A central feature of GAMP 5 is its risk-based approach. Validation efforts should match the system’s complexity and associated risks, prioritizing critical aspects of the system.
To manage risk, companies must do the following:
- Identify risks that affect product quality, safety, or data integrity;
- Implement controls to address high-risk areas;
- Focus on critical system functions during testing.
Another important guideline is scalability. The level of testing and documentation should align with the system’s complexity, avoiding unnecessary validation for simpler systems. Using supplier documentation can help streamline validation and reduce redundant work.
Additionally, lifecycle management ensures systems remain compliant after implementation. This requires periodic reviews and updates to maintain the validated state. These guidelines promote efficiency while meeting regulatory requirements and ensure that automated systems stay robust and reliable throughout their operational life.
How is GAMP®5 viewed by experts?
At the GAMP Forum sponsored by the ISPE Boston Area Chapter, industry experts discussed Computer System Validation (CSV) and Computer Software Assurance (CSA). In 2016, the FDA’s CDRH medical device arm recognized that the regulated medical device and regulated industries are struggling to adopt new technology due to the perceived “validation burden.”
To address this issue, a team was assembled to draft guidance on how to approach systems validation using a risk based approach, consistent with GAMP 5 principles.
Validation experts in the forum highlighted that the effort of validating computer systems should align with the risks to patient safety. High-risk systems and functionalities should be the primary focus of documented scripted testing. Unscripted testing for user acceptance is essential, along with leveraging testing conducted by the application vendor.
The initiative proposed a thorough shift in the way risk management is handled. Regulated companies like RegenXbio and Gilead have implemented these key concepts, resulting in faster system deployment, reduced documentation, cost savings, fewer errors, and increased confidence in computerized systems.
At the forum, experts discussed risk assessment in system validation and explored how new technologies are being used in regulated life science environments. They stressed the importance of properly evaluating risks in software validation and understanding the potential challenges with cloud deployments. GAMP 5 plays a key role in making sure software modules meet these critical requirements.
Furthermore, the technology track delved into the software applications of artificial intelligence (AI), machine learning (ML), and blockchain in regulated environments. This highlights the significance of clean and accurate data sets, as well as the potential of blockchain for tracking inventory in the life science industry.
How does GAMP®5 concern developers directly?
When software developers work on operating systems or application software used in GxP (Good Practices) environments, they must consider GAMP 5’s requirements to ensure their products meet regulatory requirements. This includes the need to perform the validation process activities, adhere to appropriate documentation practices, and make sure that the tuning of software functions follows standards.
Developers must take into account the risk based approach advocated by GAMP 5, which involves assessing the level of risk a system poses to product quality, patient safety, and data integrity.
This assessment gives the macro instructions for the extent of validation and testing that must be conducted. It helps developers understand which parts of the system need more rigorous testing and documentation due to their criticality.
Incorporating GAMP 5 training into the development process is essential for ensuring that the specific software meets the stringent standards required by regulatory agencies like the FDA and EMA.
Developers can create products that are compliant with these regulations by following the GAMP 5 guidelines and using validating automated systems. Thus the risks of non-compliance and potential product recalls are reduced.
Who monitors GAMP®5 adherence?
The GAMP 5 categories of software were created and are maintained by the International Society for Pharmaceutical Engineering (ISPE). The ISPE is a not-for-profit organization that provides a platform for professionals in the pharmaceutical and biopharmaceutical manufacturing industries to collaborate and share best practices.
Adherence to GAMP 5 standards is not monitored by a specific regulatory body. However, regulatory agencies such as the U.S. Food and Drug Administration (FDA) and the European Medicines Agency (EMA) often reference the GAMP 5 guideline as industry-accepted practices for computer system validation.
Practical tips for implementation
Pharmaceutical and life sciences companies are required to follow GAMP 5 guidelines, along with other regulatory standards, when developing and validating computerized systems.
Implementing GAMP 5 can seem complex, but breaking it down into practical steps makes the process more manageable. Here are some key tips to help streamline the application of GAMP 5 in your system validation efforts.
Conduct a comprehensive risk assessment
Before starting validation activities, companies should perform a detailed risk assessment of their computerized systems. This step ensures resources are allocated effectively, focusing on areas that could impact product quality and patient safety.
The assessment should account for system complexity, its effect on business processes, and potential regulatory concerns.
Develop a tailored validation strategy
After completing the risk assessment, create a validation strategy that matches the system’s complexity and importance.
GAMP 5 supports a scalable approach, allowing you to adjust efforts accordingly. For lower-risk systems, consider using less extensive documentation and testing to streamline the process.
Invest in comprehensive training
Ensuring that the entire team—developers, quality assurance staff, and end-users—understands GAMP 5 principles can significantly improve implementation and compliance. This shared knowledge streamlines processes across the organization.
To succeed easier and faster, provide role-specific training to address each team member’s responsibilities in the validation process.
Implement robust change management
Finally, establish a comprehensive system to manage and document changes to validated systems. This ensures ongoing compliance and protects system integrity when modifications are made.
The change management process should include impact assessments and revalidation when necessary. Regularly review and update this process to keep pace with evolving regulations and technology.
Many companies in the pharmaceutical software industry have found success with this approach. BGO Software, as an implementer, can also attest to its significant benefits.
Whether you’re a startup, a Fortune 100 company or a government organisation, our team can deliver a solution that works for you.
BGO Software
Conclusion
GAMP 5 is a complex system that often requires changes to existing paradigms for optimal implementation. However, the guidelines are well-documented, with clear suggestions and methodologies for companies to follow.
By taking a system life cycle approach, GAMP 5 helps ensure that software engineering practices align with the intended use of computerized systems. It addresses not only the core software but also the operating system, business process considerations, and tools supplied by vendors, which are integral to maintaining compliance.
The standard has proven highly beneficial to many companies in the pharmaceutical software industry. BGO Software, which implements GAMP 5, can vouch for its considerable utility in turning software functions into compliant, reliable systems.
The guidelines also accommodate internal scripting language specific to the system and encourage the use of statistical calculation to drive higher quality. According to our lead software architect Harry Birimirski, Good Automated Manufacturing Practices are here to stay and will continue shaping the future of regulated industries.
